CN106533650A - Cloud-oriented interactive privacy protection method and system - Google Patents
Cloud-oriented interactive privacy protection method and system Download PDFInfo
- Publication number
- CN106533650A CN106533650A CN201611027772.XA CN201611027772A CN106533650A CN 106533650 A CN106533650 A CN 106533650A CN 201611027772 A CN201611027772 A CN 201611027772A CN 106533650 A CN106533650 A CN 106533650A
- Authority
- CN
- China
- Prior art keywords
- data
- cloud
- data table
- privacy protection
- attribute
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 230000004224 protection Effects 0.000 title claims abstract description 54
- 238000000034 method Methods 0.000 title claims abstract description 39
- 230000002452 interceptive effect Effects 0.000 title claims abstract description 17
- 238000012545 processing Methods 0.000 claims abstract description 45
- 238000005516 engineering process Methods 0.000 claims description 20
- 230000008569 process Effects 0.000 claims description 15
- 238000012946 outsourcing Methods 0.000 claims description 6
- 230000003993 interaction Effects 0.000 claims description 4
- 238000006243 chemical reaction Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 239000011159 matrix material Substances 0.000 description 3
- 238000007418 data mining Methods 0.000 description 2
- 238000013500 data storage Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 102100026827 Protein associated with UVRAG as autophagy enhancer Human genes 0.000 description 1
- 101710102978 Protein associated with UVRAG as autophagy enhancer Proteins 0.000 description 1
- 230000009471 action Effects 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000003247 decreasing effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000005070 sampling Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6254—Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Networks & Wireless Communication (AREA)
- Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Computing Systems (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a cloud-oriented interactive privacy protection method and system. The privacy protection method is characterized in that a data owner uploads encrypted data and stores the encrypted data on a cloud server for a long time, and data sharing services meeting privacy protection requirements are provided; when a client sends a data request, anonymization processing of the encrypted data is directly carried out on the cloud server, and the data meeting the privacy protection requirements is output; and during the anonymization processing, the cloud server can interact with a proxy server for comparison processing of ciphertext data. The method has the advantages that the data stored in an encrypted manner can serve multiple purposes; and diversified privacy protections can be easily achieved. The privacy protection system has two preconditions: a cloud service provider may be a privacy attacker, but the services must be provided according to a protocol; and the client promises not to forward an obtained data sheet to any unauthorized third party (including the cloud service provider), so that conspiratorial attacks are prevented.
Description
Technical Field
The invention relates to the field of privacy protection, in particular to a cloud-oriented interactive privacy protection method and system.
Background
With the advent of the cloud computing era, people increasingly like to utilize the characteristics of convenience and expandability of a cloud platform to store and compute data at the cloud end, and more technologies are supported by the cloud computing related services and platforms. In a cloud computing mode, a data owner uploads a large amount of data to a cloud end through a network for processing, but the cloud end has unreliable factors, and personal privacy information in the data is possibly leaked in the transmission, storage and processing processes. Therefore, the research on privacy protection in the cloud environment has become an important research direction in the field of privacy protection.
The encryption processing of the external packet data by using an encryption method is a convenient method for realizing cloud security storage. However, after the data is encrypted by the common encryption technology, the data is difficult to be researched by using the ciphertext, and the homomorphic encryption technology provides the possibility. In order to provide data sharing service, privacy protection processing is performed before cloud ciphertext data are decrypted, and data processing before decryption can be realized by using a homomorphic encryption technology.
Based on the current situation, the system combines a fully homomorphic encryption technology, a privacy protection technology and a cloud environment, and provides an interactive method and system which are oriented to the cloud, are based on the fully homomorphic encryption technology and are used for realizing safe data storage and protecting the privacy safety of a data processing process. The specific method relates to the following main technologies:
fully homomorphic encryption technology: the concept of homomorphic encryption was proposed as early as 1978 by Rivest et al, but has been stalled since then. There was a rapid development after the first homomorphic encryption scheme constructed by Gentry in 2009. The main contribution of the fully homomorphic encryption is that the possibility that the operation on the encrypted data is equal to the operation on the plaintext under the condition of no decryption is realized, which makes a great contribution to the development of the cryptology.
Privacy protection technology: data anonymization is a main technology for realizing privacy protection, and after certain change is carried out on privacy information of original data, an attacker cannot deduce a specific individual, so that personal privacy is protected.
The data privacy can be protected doubly by combining the fully homomorphic encryption technology and the anonymization technology, the safe storage of the data at the cloud end can be guaranteed, the safety of the cloud end data processing process can also be guaranteed, and finally shared data can also meet the privacy protection requirement.
Disclosure of Invention
The invention aims to provide a cloud-oriented interactive privacy protection method and system, which combine a fully homomorphic encryption technology and a privacy protection technology and apply the combined technology to cloud computing, so that the safety of cloud data storage is ensured, data sharing service is provided, and the cloud can directly perform anonymization processing on encrypted data. By using the system, different privacy parameters or privacy protection requirements can be adopted for anonymization processing, and the encrypted and stored data can be used for various data mining tasks and various data sharing query tasks.
The proposed cloud privacy protection system has two premises: firstly, a cloud service provider may be a privacy attacker, but must provide services according to an agreement; secondly, the client promises not to forward the obtained data table to other persons without authorization including the cloud service provider, so no collusion attack exists.
In order to achieve the above purpose, the present invention designs a cloud-oriented interactive privacy protection method based on the assumption that a cloud service provider is a privacy attacker, and the method is mainly implemented by the following steps:
1) the data owner independently generates a key pair (pk) for each row of data of each attribute in the extended coding data table according to a fully homomorphic key generation algorithmij,skij) I denotes the attribute number, j denotes the data column number, and the public key pk is usedijRespectively carrying out encryption processing to obtain an encrypted data table;
2) the data owner generates a key pair (pk) according to a fully homomorphic key generation algorithmcomp,skcomp) Using the public key pkcompEncrypting all attribute data columns of the extended coding data table to obtain an encrypted data table copy;
3) the data owner encrypts the data table and the copy of the encrypted data table, and the anonymized hierarchical structure file, the encoding rule and the public key pk of each attribute in the data tablecompUploading the data to a cloud server for storage as a data outsourcing form;
4) the client requests for sharing data, the request is sent to the cloud server, the request number uid is recorded by the cloud server, and then the request number uid is forwarded to the proxy server;
5) the method comprises the following steps that the proxy server determines privacy parameters and instructs a cloud server to start executing anonymization processing based on fully homomorphic encryption, and specifically comprises the following substeps:
5.1) the cloud server requests the proxy server to assist in completing ciphertext data comparison operation, and the proxy server uses the private key skcompDecrypting the ciphertext needing to be compared, then performing plaintext comparison, and returning a comparison result to the cloud server;
5.2) the cloud server executes anonymization processing by using outsourcing data stored in the cloud and the assistance of the proxy server, and searches out a data column meeting the privacy protection requirement;
6) the cloud server transmits the information of the sharable data column to the proxy server, and the proxy server generates a temporary key (pk)temp,sktemp) And using the temporary public key pktempPrivate key sk corresponding to encrypted data columni,tGet pski,tAnd t represents the t column of the ith attribute;
7) the proxy server sends the temporary public key pktempAnd pski,tUploading to a cloud server, and using pk for the cloud servertempAnd pski,tRe-encrypting the encrypted data table in step 1) to obtain the public key pktempA lower re-encrypted data table;
8) the client side obtains the coding rule from the load encryption data table under the cloud server, and obtains the temporary private key sk from the proxy servertempAnd after the re-encrypted data table is decrypted and coded and converted, the data table meeting the privacy protection requirement can be obtained.
Further, in the step 1), the extended encoding data table is in a data table form based on the hierarchy structure of the anonymization of each attribute and the encoding rule, and is obtained by performing extension processing and encoding processing on data owned by a data owner. The expansion processing is to insert more fuzzy data representation values into the data table according to the attribute anonymization hierarchical structure; the encoding process is to represent each attribute data in the data table in a unique encoding form. The attribute anonymization hierarchy is defined by an XML configuration file, a single data attribute is defined by an att element, and the att element comprises two attributes: index indicates a data attribute number, and name indicates a data attribute name. The single data attribute tree structure is defined by vgh elements, vgh elements include node elements, original data values or fuzzified data values are defined by the node elements, the innermost node element represents the data form of the data owner, and the data represented by the outer node element is a more fuzzified representation of the inner data. The anonymization hierarchy of each attribute is different and can be set according to the system requirement.
Further, in the step 1) and the step 2), the encrypted data table is used for data distribution; the encrypted data table copy is used for data anonymization processing operation.
Further, in the step 3), the data outsourcing form includes an encrypted data table and an encrypted data table copy, and an attribute anonymization hierarchical structure file, an encoding rule, and a public key pkcompThe data security in the uploading and storing process is guaranteed, and the data security in the cloud server data processing process is also guaranteed.
Further, in the step 5), the privacy protection requirement is to avoid that sensitive information in the shared data is associated with an individual, the privacy parameter is a parameter set to meet the privacy protection requirement, the privacy parameters set by different privacy protection requirements are different, and the privacy protection parameter and the privacy protection requirement are self-settable and are not fixed and unchangeable. The anonymization processing is a technology for hiding or blurring data and data sources. The anonymization processing based on the fully homomorphic encryption is anonymization processing under a ciphertext by using homomorphic addition and multiplication operation.
A cloud-oriented interactive privacy protection system comprises a data owner, a proxy server, a client and a cloud server, wherein the data owner is connected with the proxy server and the cloud server, the proxy server is connected with the cloud server, and the cloud server does not have a hooking action;
the data owner is a party who owns a large amount of data and is used for generating a homomorphic key pair and encrypting the data; sending the encrypted data table and the copy, the anonymization hierarchical structure file of each attribute, the public key and the encoding rule to a cloud server; the private key is sent to the proxy server.
The proxy server is a server trusted by a data owner and is used for determining the requirement of privacy parameters; acquiring a private key from a data owner, generating a temporary homomorphic key pair, and encrypting the private key; information interaction with a cloud server is realized; a temporary key is assigned to the client.
The cloud server is used for safe storage of the encrypted data table and anonymization processing of the ciphertext data; and carrying out information interaction with the proxy server in the anonymization processing process to realize comparison between the ciphertexts.
The client is a party sending a data sharing request, and after the re-encrypted data table, the encoding rule and the temporary private key are obtained, data decryption and sharing are achieved.
The invention has the following advantages: the expansion encoding data table is encrypted by adopting a homomorphic encryption technology and then uploaded to a cloud server, so that the safety of data in the uploading and storing processes is ensured; the data is stored in the cloud server in an encrypted form, and the cloud server can directly perform homomorphic operation on the ciphertext data, so that privacy protection in the data processing process is realized; the encrypted data is stored in a cloud server for a long time, and data sharing service meeting different privacy parameters and privacy protection requirements is provided; the encrypted stored data may have multiple uses, such as for various data mining tasks and various data sharing query tasks.
Drawings
FIG. 1 is a diagram of a cloud-oriented interactive privacy preserving system of the present invention;
FIG. 2 is a basic flow chart of a cloud-oriented interactive privacy protection method;
FIG. 3 is a diagram of an example anonymization hierarchy file for three attributes.
Detailed Description
The invention adopts a BGV homomorphic encryption scheme (Z.Brakerski, C.Gentry, and V.Vaikunttanathan. (leveled) full homomorphic encryption with outbootstrapping. TOCT,6(3):13,2014.Preliminary version in ITCS 2012.) based on RLWE with higher efficiency, and for the convenience of understanding, the principle of homomorphic encryption is introduced firstly.
Firstly, setting parameters. The fully homomorphic encryption scheme employed by the present invention is based on a polynomial ringd is a power of2, λ is a security parameter of a homomorphic encryption scheme, the ciphertext polynomial coefficient takes the μ -bit modulus q, L is the binary arithmetic circuit depth, the other parameters (d ═ d (λ, μ, b), n ═ n (λ, μ, b),χ ═ χ (λ, μ, b)) to ensure 2λThe safety of (2). Setting n to 1 is based on RLWE instantiation. In order to make fully homomorphic encryption suitable for global anonymity algorithm, the plaintext space is set as R2=R/2R。
Second, a key generation algorithm. The key pair is generated as follows: secretceygen (params): selecting s '. o.. Pacer' XnTo obtain a private keyPublic key gen (params, sk): using the private key as input sk ═ s ═ 1, s ═ 0]=1,Also the parameter params ═ (q, d, N, χ). Uniformly generating a matrixOne vector e ← χNAnd a set b ← a's ' +2 e.set a as the (n +1) column matrix containing b, followed by the n column matrix of-a ' (a · s ═ 2 e). The public key pk ═ a.
Loop j ═ L to 0, params runj←GHE.Setup(1λ,1(j+1)·μB) obtaining a hierarchy of decreasing modules from qL((L + 1). mu.bits) to q0(μ bits) cycle j ═ L-1 to 0, parameter paramsjIn djIs replaced by d ═ dLX distribution ofjIs replaced by χ ═ χL。
FHE.KeyGen(paramsj) Cycle j ═ L to 0, achieved as follows:
1. operation sj←GHE.SecretKeyGen(paramsj)and Aj←GHE.PublicKeyGen(paramsj,sj)。
2. Is provided withs'jIs sjIs given by a factor of RqjS injThe product of two coefficients.
3. Setting s'j←BitDecomp(s'j,qj)。
4. Run τs”j+1→sj←SwitchKeyGen(s”j,sj-1) This step is omitted when j ═ L.
The private key sk contains all sjThe public key pk contains all AjAnd τs”j+1→sj。
And thirdly, encryption algorithm. Enc (params, pk, m) at R2Find information m in, run GHE.Enc (A)LM) GHE.Enc (pk, m) for encrypting a message m ∈ R2Is provided withSamplingOutputting the ciphertext
And fourthly, decryption algorithm. Dec (params, sk, c) assume that the ciphertext is at sjUnder, run GHE.Dec(sjAnd c) is adopted. Dec (sk, c) of GHE, outputting decryption information m ← [ [ solution ] ]<c,s>]q]2。
And fifthly, homomorphic addition. Add (pk, c) to FHE1,c2) Inputting two identical private keys sjThe encrypted ciphertext. Setting c3←c1+c2mod qj。c3Is exactly at s'jCiphertext (s'jIncludes all sjDue to the parameters ofAnd s'jThe first coefficient of (1)), and output c)4=FHE.Refresh(c3,τs”j→sj-1,qj,qj-1)。
And sixthly, homomorphic multiplication. Mult (pk, c)1,c2) Inputting two identical private keys sjThe encrypted ciphertext. First, the new ciphertext is the secret keyThe following is a linear equationCoefficient vector c of3Output c4=FHE.Refresh(c3,τs”j→sj-1,qj,qj-1)。
FHE.Refresh(c,τs”j→sj-1,qj,qj-1) Inputting private key s'jCiphertext ofs”j→sj-1To assist in key conversion, the current and next moduli are qjAnd q isj-1The following work is done: first expand c1←Powersof2(c,qj). Then subjected to modulus conversion, c2←Scale(c1,qj,qj-12), corresponding private key s "jSum modulus qj-1. Then the key conversion is carried out and c is output3←SwitchKey(τs”j→sj-1,c2,qj-1) Corresponding to the private key sj-1Sum modulus qj-1。
Where c ═ Scale (c, p, q,2) is the modulo transformation algorithm, p, q are two odd modulo, c is an integer vector, c' is an integer vector close to (p/q) · c and satisfies c ═ c mod 2.Decompose x into its bit representation method, output ofSwitchKeyGen(s1,s2,n1,n2Q) inputting two private keysAnd the dimension of the private key, modulus q, private key s2Andrun GHE2N) to obtain the public key a, yielding B ═ a + Powesof 2(s)1Q), and then output the side information τs1→s2The exchange is implemented as B. Wherein,
the following describes the present invention in further detail with reference to fig. 2 and 3.
The extended data table in table 2 is obtained by performing an extension process on data owned by a data owner, and according to the example diagram of the attribute anonymization hierarchical structure file in fig. 3, the data is represented by fuzzy data of multiple hierarchies and is integrated into the same data table, and the number of layers of each attribute is equal to the number of columns of the attribute in the extended data table. The extended data table is a result of encoding the data in the extended data table according to the encoding rule, the extended data table in table 3 is obtained according to binary encoding, and the data encoding expression mode of each attribute is unique.
TABLE 1 extended data Table
Table 2 extended coded data table
① data owner generates several key pairs (pk) using homomorphic key generation algorithm fheij,skij) Respectively encrypting each column of the extended coding data table 2 by using different public keys to obtain an encrypted extended data table e2And (6) RT. The attribute is 3 in total, and the data of the columns 2, 2 and 3 are respectively provided, so seven key pairs are shared, and the key pairs are respectively (pk)11,sk11),(pk12,sk12),(pk21,sk21),(pk22,sk22),(pk31,sk31),(pk32,sk32),(pk33,sk33)。
② data owner generates a key pair (pk) using a homomorphic key generation algorithm fhecomp,skcomp) Using the public key pkcompAll columns of the encryption table 2 are encrypted to obtain a copy e of the encrypted extended data table2RTcomp。
③ data owner upload e2RT、e2RTcompEncoding rule, public key pkcompAnd anonymizing hierarchical structure files of all attributes in the data table are sent to the cloud server.
And fourthly, the client requests the cloud server for sharing data.
And fifthly, the cloud server records the request number uid and forwards the request number uid to the proxy server.
⑥ proxy server determines privacy parameters and privacy protection requirements and instructs the cloud server to perform anonymization processing in the embodiment, we set the privacy parameters to 3, and in the data table meeting the privacy protection requirements, each record is required to contain at least 3-1 identical records2RTcompIn the data table, a row of data of each attribute is respectively extracted as a fuzzification processing result to form a new ciphertext data table re2RT。
⑦ the cloud server executes anonymization processing based on homomorphic encryption technology under ciphertext data by using outsourced data stored in the cloud, and requests the proxy server to assist in completing comparison operation between ciphertexts when necessary2And comparing the two specific records in the RT, and counting to obtain a comparison result, wherein if the two specific records are the same ciphertext of 1, the two specific records are different ciphertexts of 0. Add calculates the amount of data belonging to a record using homomorphic addition, but the amount of data is in the form of ciphertext, so a proxy server is required to assist decryption.
⑧ the proxy server gets the private key sk from the data ownercompAnd decrypting the data volume ciphertext, which is transmitted by the cloud server and needs to be compared, of each record, comparing the decrypted ciphertext with the set privacy parameter 3, and then returning comparison result information to the cloud server. If the ciphertext data table re2Each record in RT at least contains 2 same records, which shows the ciphertext data table re2The RT complies with privacy protection requirements.
And ninthly, after the cloud server carries out anonymization processing, returning the data column information meeting the privacy protection requirement to the proxy server. When the 1 st column of the 1 st attribute, the 0 th column of the 2 nd attribute and the 2 nd column of the 3 rd attribute are taken, 2 types of records are totally arranged, namely { Any, Male, Any } { Any, Female, Any }, each type of record has at least 2 pieces of data consistent with the record, namely each type of record at least comprises 3 pieces of data, and then the information of the data columns (1,0,2) is returned to the proxy server.
⑩ proxy Server generates temporary Key Pair (pk)temp,sktemp) Using the temporary public key pktempThe private key sk corresponding to the encrypted data sequence (1,0,2)1,1,sk2,0,sk3,2Get psk1,1,psk2,0,psk3,2。
Proxy server uploads temporary public key pktempAnd psk1,1,psk2,0,psk3,2And sending the data to a cloud server.
PSK for cloud server1,1,psk2,0,psk3,2Re-encrypted data Table e2Corresponding column data in RT is converted into temporary public key pktempThe following table of re-encrypted data.
The client side obtains the coding rule from the load encryption data table under the cloud server, and obtains the temporary private key sk from the proxy servertempAnd decrypting and coding and converting the re-encrypted data table to obtain the sharable data table meeting the privacy protection requirement.
In summary, the cloud-oriented interactive privacy protection method and system provided by the invention can realize the safe processing and sharing of data under the condition of participation of multiple parties. And under the condition of not revealing privacy, the proxy server can be used for decrypting the ciphertext data, and the possibility is provided for comparison operation in the anonymization processing process under the ciphertext. And finally, the client side obtains a data ciphertext meeting the privacy protection requirement from the cloud side, obtains a temporary private key for decryption from the proxy server, and obtains a final plaintext result for data sharing through decryption.
For the embodiments disclosed above, to enable those skilled in the art to use the present invention, various modifiable methods can be adopted for the anonymization operation based on homomorphism in the embodiments, which can be realized by the skilled person. Especially the modification of the set privacy parameters and privacy protection requirements will be apparent to the skilled person. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles of the systems disclosed herein.
Claims (6)
1. A cloud-oriented interactive privacy protection method is characterized by comprising the following steps:
1) the data owner independently generates a key pair (pk) for each row of data of each attribute in the extended coding data table according to a fully homomorphic key generation algorithmij,skij) I denotes the attribute number, j denotes the data column number, and the public key pk is usedijRespectively carrying out encryption processing to obtain an encrypted data table;
2) the data owner generates a key pair (pk) according to a fully homomorphic key generation algorithmcomp,skcomp) Using the public key pkcompEncrypting all attribute data columns of the extended coding data table to obtain an encrypted data table copy;
3) the data owner encrypts the data table and the copy of the encrypted data table, and the anonymized hierarchical structure file, the encoding rule and the public key pk of each attribute in the data tablecompUploading the data to a cloud server for storage as a data outsourcing form;
4) the client requests for sharing data, the request is sent to the cloud server, the request number uid is recorded by the cloud server, and then the request number uid is forwarded to the proxy server;
5) the method comprises the following steps that the proxy server determines privacy parameters and instructs a cloud server to start executing anonymization processing based on fully homomorphic encryption, and specifically comprises the following substeps:
5.1) the cloud server requests the proxy server to assist in completing ciphertext data comparison operation, and the proxy server uses the private key skcompDecrypting the ciphertext needing to be compared, then performing plaintext comparison, and returning a comparison result to the cloud server;
5.2) the cloud server executes anonymization processing by using outsourcing data stored in the cloud and the assistance of the proxy server, and searches out a data column meeting the privacy protection requirement;
6) the cloud server transmits the information of the sharable data column to the proxy server, and the proxy server generates a temporary key (pk)temp,sktemp) And using the temporary public key pktempPrivate key sk corresponding to encrypted data columni,tGet pski,tAnd t represents the t column of the ith attribute;
7) the proxy server sends the temporary public key pktempAnd pski,tUploading to a cloud server, and using pk for the cloud servertempAnd pski,tRe-encrypting the encrypted data table in step 1) to obtain the public key pktempA lower re-encrypted data table;
8) the client side obtains the coding rule from the load encryption data table under the cloud server, and obtains the temporary private key sk from the proxy servertempAnd after the re-encrypted data table is decrypted and coded and converted, the data table meeting the privacy protection requirement can be obtained.
2. The cloud-oriented interactive privacy protection method of claim 1, wherein in the step 1), the extended coding data table is in a data table form based on attribute anonymization hierarchy and coding rules, and is obtained by performing extension processing and coding processing on data owned by a data owner. The expansion processing is to insert more fuzzy data representation values into the data table according to the attribute anonymization hierarchical structure; the encoding process is to represent each attribute data in the data table in a unique encoding form. The attribute anonymization hierarchy is defined by an XML configuration file, a single data attribute is defined by an att element, and the att element comprises two attributes: index indicates a data attribute number, and name indicates a data attribute name. The single data attribute tree structure is defined by vgh elements, vgh elements include node elements, original data values or fuzzified data values are defined by the node elements, the innermost node element represents the data form of the data owner, and the data represented by the outer node element is a more fuzzified representation of the inner data. The anonymization hierarchy of each attribute is different and can be set according to the system requirement.
3. The cloud-oriented interactive privacy protection method of claim 1, wherein in the steps 1) and 2), the encrypted data table is used for data publishing; the encrypted data table copy is used for data anonymization processing operation.
4. The cloud-oriented interactive privacy protection method of claim 1, wherein in the step 3), the outsourcing form includes an encrypted data table and an encrypted data table copy, and an attribute anonymization hierarchy file, an encoding rule, and a public key pkcompThe data security in the uploading and storing process is guaranteed, and the data security in the cloud server data processing process is also guaranteed.
5. The cloud-oriented interactive privacy protection method of claim 1, wherein in the step 5), the privacy protection requirement is to prevent sensitive information in the shared data from being associated with an individual, the privacy parameter is a parameter set to meet the privacy protection requirement, the privacy parameters set by different privacy protection requirements are different, and the privacy protection parameter and the privacy protection requirement are set by themselves and are not fixed and unchangeable. The anonymization processing is a technology for hiding or blurring data and data sources. The anonymization processing based on the fully homomorphic encryption is anonymization processing under a ciphertext by using homomorphic addition and multiplication operation.
6. The interactive privacy protection system facing the cloud end is characterized by comprising a data owner, a proxy server, a client and a cloud end server, wherein the data owner is connected with the proxy server and the cloud end server;
the data owner is a party who owns a large amount of data and is used for generating a homomorphic key pair and encrypting the data; sending the encrypted data table and the copy, the anonymization hierarchical structure file of each attribute, the public key and the encoding rule to a cloud server; the private key is sent to the proxy server.
The proxy server is a server trusted by a data owner and is used for determining the requirement of privacy parameters; acquiring a private key from a data owner, generating a temporary homomorphic key pair, and encrypting the private key; information interaction with a cloud server is realized; a temporary key is assigned to the client.
The cloud server is used for safe storage of the encrypted data table and anonymization processing of the ciphertext data; and carrying out information interaction with the proxy server in the anonymization processing process to realize comparison between the ciphertexts.
The client is a party sending a data sharing request, and after the re-encrypted data table, the encoding rule and the temporary private key are obtained, data decryption and sharing are achieved.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611027772.XA CN106533650B (en) | 2016-11-17 | 2016-11-17 | Interactive method for secret protection and system towards cloud |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611027772.XA CN106533650B (en) | 2016-11-17 | 2016-11-17 | Interactive method for secret protection and system towards cloud |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106533650A true CN106533650A (en) | 2017-03-22 |
CN106533650B CN106533650B (en) | 2019-04-02 |
Family
ID=58352785
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611027772.XA Active CN106533650B (en) | 2016-11-17 | 2016-11-17 | Interactive method for secret protection and system towards cloud |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106533650B (en) |
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107404538A (en) * | 2017-08-18 | 2017-11-28 | 金蝶软件(中国)有限公司 | A kind of cloud data transmission method and its server |
CN108011714A (en) * | 2017-11-30 | 2018-05-08 | 公安部第三研究所 | Guard method and the system of data object main body mark are realized based on cryptography arithmetic |
CN109800595A (en) * | 2018-12-26 | 2019-05-24 | 全球能源互联网研究院有限公司 | A kind of electric power data sharing method and system |
CN110099043A (en) * | 2019-03-24 | 2019-08-06 | 西安电子科技大学 | The hiding more authorization center access control methods of support policy, cloud storage system |
CN110176983A (en) * | 2019-05-22 | 2019-08-27 | 西安电子科技大学 | Privacy protection association rule mining based on full homomorphic cryptography |
CN110190945A (en) * | 2019-05-28 | 2019-08-30 | 暨南大学 | Based on adding close linear regression method for secret protection and system |
CN110365679A (en) * | 2019-07-15 | 2019-10-22 | 华瑞新智科技(北京)有限公司 | Context aware cloud data-privacy guard method based on crowdsourcing assessment |
CN110636070A (en) * | 2019-09-26 | 2019-12-31 | 支付宝(杭州)信息技术有限公司 | Data sending method, data query method, device, electronic equipment and system |
CN111125734A (en) * | 2019-12-20 | 2020-05-08 | 深圳前海微众银行股份有限公司 | Data processing method and system |
CN111143880A (en) * | 2019-12-27 | 2020-05-12 | 中电长城网际系统应用有限公司 | Data processing method and device, electronic equipment and readable medium |
CN111159761A (en) * | 2019-12-20 | 2020-05-15 | 深圳前海微众银行股份有限公司 | Model training method and device |
CN111460475A (en) * | 2020-03-27 | 2020-07-28 | 公安部第三研究所 | Method for realizing data object subject de-identification processing based on cloud service |
WO2020242509A1 (en) | 2019-05-31 | 2020-12-03 | Intuit Inc. | Privacy preserving server |
CN112231736A (en) * | 2020-11-04 | 2021-01-15 | 广东辰宜信息科技有限公司 | Fully homomorphic encryption microsystem, computing method, encryption method, processing end and medium |
CN112788001A (en) * | 2020-12-28 | 2021-05-11 | 建信金融科技有限责任公司 | Data encryption-based data processing service processing method, device and equipment |
CN112818362A (en) * | 2021-01-29 | 2021-05-18 | 江苏理工学院 | Public key encryption method based on R-LWE |
WO2021109756A1 (en) * | 2019-12-03 | 2021-06-10 | 重庆交通大学 | Proxy anonymous communication method based on homomorphic encryption scheme |
CN113127536A (en) * | 2021-04-14 | 2021-07-16 | 上海同态信息科技有限责任公司 | Offline fuzzy matching framework based on homomorphic configuration encryption |
TWI734368B (en) * | 2019-06-18 | 2021-07-21 | 開曼群島商創新先進技術有限公司 | Data homomorphic encryption and decryption method and device for realizing privacy protection |
CN113157778A (en) * | 2021-06-09 | 2021-07-23 | 富算科技(上海)有限公司 | Proxiable query method, system, device and medium for distributed data warehouse |
US11159305B2 (en) | 2019-06-18 | 2021-10-26 | Advanced New Technologies Co., Ltd. | Homomorphic data decryption method and apparatus for implementing privacy protection |
CN114386072A (en) * | 2022-01-13 | 2022-04-22 | 中国科学技术大学 | Data sharing method, device and system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103903325A (en) * | 2013-07-08 | 2014-07-02 | 苏州大学 | Safe electronic voting system based on identity signature |
US20150058629A1 (en) * | 2013-08-21 | 2015-02-26 | Mark D. Yarvis | Processing Data Privately in the Cloud |
CN105072157A (en) * | 2015-07-15 | 2015-11-18 | 柳州首光科技有限公司 | Network-based data storage system having privacy protection function |
-
2016
- 2016-11-17 CN CN201611027772.XA patent/CN106533650B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103903325A (en) * | 2013-07-08 | 2014-07-02 | 苏州大学 | Safe electronic voting system based on identity signature |
US20150058629A1 (en) * | 2013-08-21 | 2015-02-26 | Mark D. Yarvis | Processing Data Privately in the Cloud |
CN105072157A (en) * | 2015-07-15 | 2015-11-18 | 柳州首光科技有限公司 | Network-based data storage system having privacy protection function |
Cited By (37)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107404538A (en) * | 2017-08-18 | 2017-11-28 | 金蝶软件(中国)有限公司 | A kind of cloud data transmission method and its server |
CN107404538B (en) * | 2017-08-18 | 2021-01-22 | 金蝶软件(中国)有限公司 | Cloud data transmission method and server thereof |
CN108011714A (en) * | 2017-11-30 | 2018-05-08 | 公安部第三研究所 | Guard method and the system of data object main body mark are realized based on cryptography arithmetic |
CN108011714B (en) * | 2017-11-30 | 2020-10-02 | 公安部第三研究所 | Method and system for protecting data object body identification based on cryptology operation |
CN109800595A (en) * | 2018-12-26 | 2019-05-24 | 全球能源互联网研究院有限公司 | A kind of electric power data sharing method and system |
CN110099043A (en) * | 2019-03-24 | 2019-08-06 | 西安电子科技大学 | The hiding more authorization center access control methods of support policy, cloud storage system |
CN110176983A (en) * | 2019-05-22 | 2019-08-27 | 西安电子科技大学 | Privacy protection association rule mining based on full homomorphic cryptography |
CN110176983B (en) * | 2019-05-22 | 2021-09-03 | 西安电子科技大学 | Privacy protection association rule mining method based on fully homomorphic encryption |
CN110190945A (en) * | 2019-05-28 | 2019-08-30 | 暨南大学 | Based on adding close linear regression method for secret protection and system |
CN110190945B (en) * | 2019-05-28 | 2022-07-19 | 暨南大学 | Linear regression privacy protection method and system based on multiple encryptions |
WO2020242509A1 (en) | 2019-05-31 | 2020-12-03 | Intuit Inc. | Privacy preserving server |
EP3871127A4 (en) * | 2019-05-31 | 2022-07-27 | Intuit Inc. | Privacy preserving server |
TWI734368B (en) * | 2019-06-18 | 2021-07-21 | 開曼群島商創新先進技術有限公司 | Data homomorphic encryption and decryption method and device for realizing privacy protection |
US11159305B2 (en) | 2019-06-18 | 2021-10-26 | Advanced New Technologies Co., Ltd. | Homomorphic data decryption method and apparatus for implementing privacy protection |
CN110365679B (en) * | 2019-07-15 | 2021-10-19 | 华瑞新智科技(北京)有限公司 | Context-aware cloud data privacy protection method based on crowdsourcing evaluation |
CN110365679A (en) * | 2019-07-15 | 2019-10-22 | 华瑞新智科技(北京)有限公司 | Context aware cloud data-privacy guard method based on crowdsourcing assessment |
CN110636070A (en) * | 2019-09-26 | 2019-12-31 | 支付宝(杭州)信息技术有限公司 | Data sending method, data query method, device, electronic equipment and system |
WO2021109756A1 (en) * | 2019-12-03 | 2021-06-10 | 重庆交通大学 | Proxy anonymous communication method based on homomorphic encryption scheme |
CN111159761B (en) * | 2019-12-20 | 2022-06-24 | 深圳前海微众银行股份有限公司 | Model training method and device |
CN111125734A (en) * | 2019-12-20 | 2020-05-08 | 深圳前海微众银行股份有限公司 | Data processing method and system |
CN111125734B (en) * | 2019-12-20 | 2023-03-31 | 深圳前海微众银行股份有限公司 | Data processing method and system |
CN111159761A (en) * | 2019-12-20 | 2020-05-15 | 深圳前海微众银行股份有限公司 | Model training method and device |
CN111143880A (en) * | 2019-12-27 | 2020-05-12 | 中电长城网际系统应用有限公司 | Data processing method and device, electronic equipment and readable medium |
CN111143880B (en) * | 2019-12-27 | 2022-06-07 | 中电长城网际系统应用有限公司 | Data processing method and device, electronic equipment and readable medium |
CN111460475B (en) * | 2020-03-27 | 2023-04-25 | 公安部第三研究所 | Method for implementing de-identification processing of data object main body based on cloud service |
CN111460475A (en) * | 2020-03-27 | 2020-07-28 | 公安部第三研究所 | Method for realizing data object subject de-identification processing based on cloud service |
CN112231736A (en) * | 2020-11-04 | 2021-01-15 | 广东辰宜信息科技有限公司 | Fully homomorphic encryption microsystem, computing method, encryption method, processing end and medium |
CN112788001B (en) * | 2020-12-28 | 2023-04-07 | 建信金融科技有限责任公司 | Data encryption-based data processing service processing method, device and equipment |
CN112788001A (en) * | 2020-12-28 | 2021-05-11 | 建信金融科技有限责任公司 | Data encryption-based data processing service processing method, device and equipment |
CN112818362A (en) * | 2021-01-29 | 2021-05-18 | 江苏理工学院 | Public key encryption method based on R-LWE |
CN112818362B (en) * | 2021-01-29 | 2023-09-22 | 江苏理工学院 | Public key encryption method based on R-LWE |
CN113127536A (en) * | 2021-04-14 | 2021-07-16 | 上海同态信息科技有限责任公司 | Offline fuzzy matching framework based on homomorphic configuration encryption |
CN113127536B (en) * | 2021-04-14 | 2023-07-28 | 上海同态信息科技有限责任公司 | Offline fuzzy matching system based on homomorphic encryption |
CN113157778B (en) * | 2021-06-09 | 2021-09-24 | 富算科技(上海)有限公司 | Proxiable query method, system, device and medium for distributed data warehouse |
CN113157778A (en) * | 2021-06-09 | 2021-07-23 | 富算科技(上海)有限公司 | Proxiable query method, system, device and medium for distributed data warehouse |
CN114386072A (en) * | 2022-01-13 | 2022-04-22 | 中国科学技术大学 | Data sharing method, device and system |
CN114386072B (en) * | 2022-01-13 | 2024-04-02 | 中国科学技术大学 | Data sharing method, device and system |
Also Published As
Publication number | Publication date |
---|---|
CN106533650B (en) | 2019-04-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106533650B (en) | Interactive method for secret protection and system towards cloud | |
Abd El-Latif et al. | Secure data encryption based on quantum walks for 5G Internet of Things scenario | |
CN106534313B (en) | The frequency measuring method and system of facing cloud end data publication protection safety and privacy | |
Cui et al. | Efficient and expressive keyword search over encrypted data in cloud | |
Liang et al. | Searchable attribute-based mechanism with efficient data sharing for secure cloud storage | |
CN104168108B (en) | It is a kind of to reveal the traceable attribute base mixed encryption method of key | |
US20180006805A1 (en) | Method and system for encrypting data | |
JP6363032B2 (en) | Key change direction control system and key change direction control method | |
CN107154845B (en) | BGN type ciphertext decryption outsourcing scheme based on attributes | |
CN110635909B (en) | Attribute-based collusion attack resistant proxy re-encryption method | |
CN111586000A (en) | Full-proxy homomorphic re-encryption transmission system and operation mechanism thereof | |
Gupta et al. | A fully homomorphic encryption scheme with symmetric keys with application to private data processing in clouds | |
Liu et al. | Ciphertext‐policy attribute‐based encryption with partially hidden access structure and its application to privacy‐preserving electronic medical record system in cloud environment | |
CN110851845A (en) | Light-weight single-user multi-data all-homomorphic data packaging method | |
Li et al. | Traceable Ciphertext‐Policy Attribute‐Based Encryption with Verifiable Outsourced Decryption in eHealth Cloud | |
CN105978689B (en) | Secret key leakage resistant cloud data secure sharing method | |
CN114175569A (en) | System and method for adding and comparing integers encrypted with quasigroup operations in AES counter mode encryption | |
CN114697042A (en) | Block chain-based Internet of things security data sharing proxy re-encryption method | |
Nalajala et al. | Light weight secure data sharing scheme for mobile cloud computing | |
Almuzaini et al. | Key Aggregation Cryptosystem and Double Encryption Method for Cloud‐Based Intelligent Machine Learning Techniques‐Based Health Monitoring Systems | |
Khuntia et al. | New hidden policy CP-ABE for big data access control with privacy-preserving policy in cloud computing | |
Lv et al. | Efficiently attribute-based access control for mobile cloud storage system | |
Zhou et al. | Secure outsourced medical data against unexpected leakage with flexible access control in a cloud storage system | |
CN115361109B (en) | Homomorphic encryption method supporting bidirectional proxy re-encryption | |
Karvelas et al. | Efficient privacy-preserving big data processing through proxy-assisted ORAM |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |